How to Deal With Data Leaks on TikTok, Instagram and YouTube
An improperly secured cloud database has exposed the personal information of over 235 million TikTok, Instagram and YouTube accounts. Hong Kong-based company Social Data unknowingly stored data in a database without proper password protection, which meant anyone could walk in and see it. Ugh .
Cybersecurity firm Comparitech discovered and exposed a vulnerability that Social Data immediately patched, but other people with less altruistic intentions may have found it too.
Comparitech reports that the database contained the following information about the affected accounts:
- Profile name
- Full real name
- Avatar
- Account Description
- Whether the profile belongs to a company or contains ads
- Subscriber engagement statistics, including: number of subscribers; Engagement level; Follower growth rate; Audience gender; Audience age; Audience location
- Like
- Timestamp of the last message
- Age
- Floor
It also had phone numbers and email addresses for at least 20% of the aforementioned accounts.
Why is it important
Large scale data leaks are common, but this particular case is different: the fact that information was stored in an improperly secured database is problematic, but in this case it was all public information, not private passwords or financial data. This means that accessing stored data is not so much a hack as a general data security error, albeit a rather serious one given the variety of information that the database consolidates in one place.
Take another look at it: knowing a person’s full name and email address isn’t enough to hack their account – you can find this with a Google search and some social media savvy, and companies know this. But having a person’s name, email address, phone number, accounts, postal address, age, and message history all in one place creates a decent basis for identity theft.
Repeat this for hundreds of millions of accounts and you have a serious data privacy issue.
What are you supposed to do now
It’s always important to keep your account security up to date in response to leaks, including your passwords, and I recommend that you do this if you’re worried about a social data oversight. It’s also a great reminder to anonymize your data whenever possible.
I’m not saying that you need to delete your social media accounts or make everything private (the database includes private accounts anyway), but the more public you are, the more security you need.
Even if you are nice to people who theoretically know your name, if someone can match that name with an email address or phone number and then match them with a password that may have been leaked somewhere else in the past. you have problems. The compromised Social Data database is one of those unforeseen cases of mishandling of user data that can transfer your information to the wrong people. Ultimately, users must protect themselves.
Be aware of the data that social media platforms collect about you and hide as much of your personal information as possible. You can even use a different name, email address, or other fake identification information when creating new accounts. If a website requires information such as your birthday or mailing address, make sure they aren’t visible to everyone if you don’t want to. Or just make up. The less companies know about you, the better; do not give them more information than the very basics needed to use the service, and it will be harder to tie together your digital life when a similar disruption occurs again.
[ 9to5mac ]